[keycloak-dev] generic cli sso utility

Stian Thorgersen sthorger at redhat.com
Mon Aug 14 07:08:16 EDT 2017


For this exact reason it can't use the browser based flow rather it should
the direct grant (or some other flow?!?).

On 4 August 2017 at 10:09, Marek Posolda <mposolda at redhat.com> wrote:

> I wonder if it's possible to have CLI utility, which is able to read
> HTML with the form and challenge user based on that? For example once it
> receives the HTML like this:
>
> <form>
>    Username: <input name="username" />
>    Password: <input name="password" type="password" />
> </form>
>
> Then in command line, user will be challenged for username and password.
>
> I am not sure if it's doable in practice and how much work it is. Sounds
> like re-implementing browser in command line. But maybe something like
> this exists already?
>
> BTV. Some things will never work in CLI in my opinion. For example:
> - Registration with captcha
> - TOTP setup
> - Broker login (but hopefully some brokers offer alternatives)
>
> Marek
>
>
> On 28/07/17 22:36, Bill Burke wrote:
> > I've developed a small command line utility around Keycloak Installed.
> > The idea is that this utility performs a login with keycloak to obtain
> > an access token.  This utility saves the access and refresh token in a
> > file (similar to how ssh does in .ssh). Then bash scripts can be used to
> > export the access token as an environment variable so it can be used by
> > other command line utilities.
> >
> >
> > https://github.com/patriot1burke/keycloak/blob/master/adapters/oidc/
> installed/src/main/java/org/keycloak/adapters/installed/
> KeycloakCliSso.java
> >
> > https://github.com/patriot1burke/keycloak/tree/
> master/adapters/oidc/cli-sso
> >
> >
> > Eventually I'm thinking of creating a text/plain protocol with Keycloak
> > server so that launching a browser or cutting/pasting between the
> > command line window and browser isn't a requirement. It woudl be a plain
> > text challenge response protocol.  This would require a bit more work as
> > it would require reworking all of our built in authenticators and
> > required action plugins.
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list